Free Malware Removal Forum


Hey guys,
I've been having continuous popups and my IE explorer has been pretty slow. Also there has been a new toolbar that I did not install.
I've tried using SpyDoctor, Ad-Aware, and Norton Antivirus. Thank you all in advance.

You have a Qoologic infection, let's get rid of that, then we will clean up the rest.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

With all windows and browsers closed

Please run Ewido, and run a full scan. Clean/remove everything it finds. Save the logfile from the scan.

Reboot back into normal mode and post back a new hijackthis log, along with the ewido scan.

Create a new folder C:\Antispyware\RKFiles
Extract the contents of RKFiles.zip into the new folder you just created.

Next, Create a new Folder on Desktop. Name that Folder QOOLOGIC
Please download Findqoologic into the new Folder, and then unzip it into the new Folder.

Restart to safe mode. (tap f8 key during bootup)

Open the C:\Antispyware\RKFiles folder
Double click on RKFILES.BAT

Give it time to run. This may take a while.
Save the text file it creates.
It should save by default to C:\Log.txt

Next, open the QOOLOGIC Folder and Locate and double-click the Find-Qoologic.bat file to run it.
Wait until a text file opens, post it in a reply to your thread after doing the rest of what follows here.
It'll take a while to run a full scan so please be patient.

Restart into regular Windows mode and post the contents of C:\log.txt and the find-qoologic results.

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
some examples are MRT.EXE NTDLL.DLL.
Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Files found Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\adlinstallwin32.exe: UPX!
C:\WINDOWS\system32\PSof1.exe: UPX!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\DivX.dll: PEC2
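
The following Python example is added here and is not from the thread or from the Find-Qoologic tool. It parses `path: marker` lines like those in the log above and sorts them for manual review, assuming `UPX!` and `PEC2` are the UPX and PECompact 2 packer markers; the bucket names, the function names, and the constructed `MRT.EXE` and `sample.msc` lines are this example's own.

```python
import re
from pathlib import PureWindowsPath

# Packer markers that appear in the log above (labels are this example's own).
PACKER_MARKERS = {"UPX!": "UPX", "PEC2": "PECompact 2"}

# Names the log's own warning gives as legitimate files that still get listed.
KNOWN_LEGIT = {"mrt.exe", "ntdll.dll"}

# One result line: drive-letter path, a colon, then the matched marker.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^:]+):\s*(?P<marker>\S+)\s*$")

# Constructed sample: three lines quoted in the thread, plus two made-up lines
# (MRT.EXE and sample.msc) to exercise the other buckets.
SAMPLE_LOG = r"""
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\adlinstallwin32.exe: UPX!
C:\WINDOWS\system32\PSof1.exe: UPX!
C:\WINDOWS\system32\DivX.dll: PEC2
C:\WINDOWS\system32\MRT.EXE: UPX!
C:\WINDOWS\system32\sample.msc: XXXX
"""

def parse_scan_log(text):
    """Return (path, marker) pairs; header and separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append((match.group("path"), match.group("marker")))
    return entries

def triage(entries):
    """Bucket entries for review; a packer marker alone is never a verdict."""
    buckets = {"leave_alone": [], "review_packed": [], "review_unknown": []}
    for path, marker in entries:
        name = PureWindowsPath(path).name.lower()
        if name in KNOWN_LEGIT:
            buckets["leave_alone"].append(path)
        elif marker in PACKER_MARKERS:
            buckets["review_packed"].append((path, PACKER_MARKERS[marker]))
        else:
            buckets["review_unknown"].append((path, marker))
    return buckets

if __name__ == "__main__":
    for bucket, items in triage(parse_scan_log(SAMPLE_LOG)).items():
        print(bucket, items)
```

Every bucket other than `leave_alone` is a list of files to look at, not a list of files to delete, which matches the warning printed at the top of the log.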

Please copy the following instructions to a notepad file and save them because you won't be able to see this page.
Keep the notepad file Open

When asked below, you will need to be Offline and NO IE windows open. When ready to start the fix, unplug your cat-5 wire from machine if you are on cable or a network.

[1] Download the Pocket Killbox.
[2] Unzip the contents of KillBox.zip to a convenient location.
[3] Disconnect from internet and shut down all running programs.
[4] Double-click on KillBox.exe and keep killbox Open. (Important to keep killbox and notepad file open)
[4a] Use task manager to end process on all instances of explorer.exe. Your desktop will disappear but that's normal. It will come back after Reboot part of this fix.
[5] Click "Delete on Reboot" box.
[6] Paste this file into the top "Full Path of File to Delete" box.

[11] Click "Delete on Reboot" box.
[12] Paste this file into the top "Full Path of File to Delete" box.

C:\docume~1\alluse~1\startm~1\programs\startup\NCNK.EXE

[13] Click the "Delete File" button which looks like a stop sign.
[14] Click "Yes" at the "Process and Reboot Now" prompt.
[15] Click "Yes" at the Pending Operations prompt to restart your computer. Allow machine to reboot.
[16] Once restarted... Double-click on qoologic.bat and post the new log.txt.
Please Do Not reboot until I reply back.

Note that we may have to repeat this process a few times to completely kill off all of the files.

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
some examples are MRT.EXE NTDLL.DLL.
Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Files found Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»
